From 5db9256baf86734bd8099d98fd1fc9d5f6997427 Mon Sep 17 00:00:00 2001
From: Tony Murray <murraytony@gmail.com>
Date: Fri, 12 Aug 2016 14:42:57 -0500
Subject: [PATCH] Fix rrd_name escaping * used with glob() Thanks tuxis-ie for
 finding the issue and fix.

---
 .../graphs/application/shoutcast_multi_bits.inc.php       | 2 +-
 .../graphs/application/shoutcast_multi_stats.inc.php      | 2 +-
 html/includes/graphs/device/xirrus_dataRates.inc.php      | 2 +-
 html/includes/graphs/device/xirrus_noiseFloor.inc.php     | 2 +-
 html/includes/graphs/device/xirrus_rssi.inc.php           | 2 +-
 html/includes/graphs/device/xirrus_stations.inc.php       | 2 +-
 html/pages/device/apps/ceph.inc.php                       | 8 ++++----
 html/pages/device/apps/shoutcast.inc.php                  | 2 +-
 8 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/html/includes/graphs/application/shoutcast_multi_bits.inc.php b/html/includes/graphs/application/shoutcast_multi_bits.inc.php
index cd193c6bf9..208c093df6 100644
--- a/html/includes/graphs/application/shoutcast_multi_bits.inc.php
+++ b/html/includes/graphs/application/shoutcast_multi_bits.inc.php
@@ -21,7 +21,7 @@ $colour_area_in  = 'CDEB8B';
 $colour_area_out = 'C3D9FF';
 
 $rrd_list = array();
-$rrd_filenames = glob(rrd_name($device['hostname'], array('app', 'shoutcast', $app['app_id'], '*')));
+$rrd_filenames = glob(rrd_name($device['hostname'], array('app', 'shoutcast', $app['app_id']), '*.rrd'));
 foreach ($rrd_filenames as $file) {
     $pieces = explode('-', basename($file, '.rrd'));
     $hostname = end($pieces);
diff --git a/html/includes/graphs/application/shoutcast_multi_stats.inc.php b/html/includes/graphs/application/shoutcast_multi_stats.inc.php
index 3a72450623..f2239470eb 100644
--- a/html/includes/graphs/application/shoutcast_multi_stats.inc.php
+++ b/html/includes/graphs/application/shoutcast_multi_stats.inc.php
@@ -8,7 +8,7 @@ $total_text = 'Total of all ShoutCast Servers';
 $nototal    = 0;
 
 $rrd_list = array();
-$rrd_filenames = glob(rrd_name($device['hostname'], array('app', 'shoutcast', $app['app_id'], '*')));
+$rrd_filenames = glob(rrd_name($device['hostname'], array('app', 'shoutcast', $app['app_id']), '*.rrd'));
 foreach ($rrd_filenames as $file) {
     $pieces = explode('-', basename($file, '.rrd'));
     $hostname = end($pieces);
diff --git a/html/includes/graphs/device/xirrus_dataRates.inc.php b/html/includes/graphs/device/xirrus_dataRates.inc.php
index 257ddbea0e..5a716b5c08 100644
--- a/html/includes/graphs/device/xirrus_dataRates.inc.php
+++ b/html/includes/graphs/device/xirrus_dataRates.inc.php
@@ -24,7 +24,7 @@ $pallette = array(
 $rrd_options .= ' -l 0 -E ';
 $rrd_options .= " COMMENT:'Average Data Rate       Cur    Min    Max\\n'";
 $radioId=1;
-foreach(glob(rrd_name($device['hostname'], 'xirrus_stats-*')) as $rrd) {
+foreach(glob(rrd_name($device['hostname'], 'xirrus_stats-', '*.rrd')) as $rrd) {
     // get radio name
     preg_match("/xirrus_stats-iap([0-9]{1,2}).rrd/", $rrd, $out);
     list(,$radioId)=$out;
diff --git a/html/includes/graphs/device/xirrus_noiseFloor.inc.php b/html/includes/graphs/device/xirrus_noiseFloor.inc.php
index 148f55be93..f6e00420cd 100644
--- a/html/includes/graphs/device/xirrus_noiseFloor.inc.php
+++ b/html/includes/graphs/device/xirrus_noiseFloor.inc.php
@@ -24,7 +24,7 @@ $pallette = array(
 $rrd_options .= ' -E ';
 $rrd_options .= " COMMENT:'Noisefloor              Cur    Min    Max\\n'";
 $radioId=1;
-foreach(glob(rrd_name($device['hostname'], 'xirrus_stats-*')) as $rrd) {
+foreach(glob(rrd_name($device['hostname'], 'xirrus_stats-', '*.rrd')) as $rrd) {
     // get radio name
     preg_match("/xirrus_stats-iap([0-9]{1,2}).rrd/", $rrd, $out);
     list(,$radioId)=$out;
diff --git a/html/includes/graphs/device/xirrus_rssi.inc.php b/html/includes/graphs/device/xirrus_rssi.inc.php
index dc8387edc1..97812ec531 100644
--- a/html/includes/graphs/device/xirrus_rssi.inc.php
+++ b/html/includes/graphs/device/xirrus_rssi.inc.php
@@ -24,7 +24,7 @@ $pallette = array(
 $rrd_options .= ' -E ';
 $rrd_options .= " COMMENT:'Signal RSSI            Cur     Min    Max\\n'";
 $radioId=1;
-foreach(glob(rrd_name($device['hostname'], 'xirrus_stats-*')) as $rrd) {
+foreach(glob(rrd_name($device['hostname'], 'xirrus_stats-', '*.rrd')) as $rrd) {
     // get radio name
     preg_match("/xirrus_stats-iap([0-9]{1,2}).rrd/", $rrd, $out);
     list(,$radioId)=$out;
diff --git a/html/includes/graphs/device/xirrus_stations.inc.php b/html/includes/graphs/device/xirrus_stations.inc.php
index 5feeaaeea2..329c114eb2 100644
--- a/html/includes/graphs/device/xirrus_stations.inc.php
+++ b/html/includes/graphs/device/xirrus_stations.inc.php
@@ -24,7 +24,7 @@ $pallette = array(
 $rrd_options .= ' -l 0 -E ';
 $rrd_options .= " COMMENT:'Associated Stations    Cur     Min    Max\\n'";
 $radioId=1;
-foreach(glob(rrd_name($device['hostname'], 'xirrus_users-*')) as $rrd) {
+foreach(glob(rrd_name($device['hostname'], 'xirrus_users-', '*.rrd')) as $rrd) {
     // get radio name
     preg_match("/xirrus_users-iap([0-9]{1,2}).rrd/", $rrd, $out);
     list(,$radioId)=$out;
diff --git a/html/pages/device/apps/ceph.inc.php b/html/pages/device/apps/ceph.inc.php
index ac79a740e4..2f47c5cdf2 100644
--- a/html/pages/device/apps/ceph.inc.php
+++ b/html/pages/device/apps/ceph.inc.php
@@ -14,7 +14,7 @@ foreach ($graphs as $key => $text) {
     $graph_array['id']     = $app['app_id'];
 
     if ($key == "ceph_poolstats") {
-        foreach (glob(rrd_name($device['hostname'], array('app', 'ceph', $app['app_id'], 'pool', '*'))) as $rrd_filename) {
+        foreach (glob(rrd_name($device['hostname'], array('app', 'ceph', $app['app_id'], 'pool'), '-*.rrd')) as $rrd_filename) {
             if (preg_match("/.*-pool-(.+)\.rrd$/", $rrd_filename, $pools)) {
                 $graph_array['to']     = $config['time']['now'];
                 $graph_array['id']     = $app['app_id'];
@@ -40,7 +40,7 @@ foreach ($graphs as $key => $text) {
         }
     }
     elseif ($key == "ceph_osdperf") {
-        foreach (glob(rrd_name($device['hostname'], array('app', 'ceph', $app['app_id'], 'osd', '*'))) as $rrd_filename) {
+        foreach (glob(rrd_name($device['hostname'], array('app', 'ceph', $app['app_id'], 'osd'), '-*.rrd')) as $rrd_filename) {
             $graph_array['to']     = $config['time']['now'];
             $graph_array['id']     = $app['app_id'];
             if (preg_match("/.*-osd-(.+)\.rrd$/", $rrd_filename, $osds)) {
@@ -56,7 +56,7 @@ foreach ($graphs as $key => $text) {
         }
     }
     elseif ($key == "ceph_df") {
-        foreach (glob(rrd_name($device['hostname'], array('app', 'ceph', $app['app_id'], 'df', '*'))) as $rrd_filename) {
+        foreach (glob(rrd_name($device['hostname'], array('app', 'ceph', $app['app_id'], 'df'), '-*.rrd')) as $rrd_filename) {
             if (preg_match("/.*-df-(.+)\.rrd$/", $rrd_filename, $pools)) {
                 $pool = $pools[1];
                 if ($pool == "c") {
@@ -86,7 +86,7 @@ foreach ($graphs as $key => $text) {
                     $graph_array['id']     = $app['app_id'];
                     $graph_array['type']   = 'application_ceph_pool_objects';
                     $graph_array['pool']   = $pool;
-    
+
                     echo "<tr bgcolor='$row_colour'><td colspan=5>";
                     include 'includes/print-graphrow.inc.php';
                     echo '</td></tr>';
diff --git a/html/pages/device/apps/shoutcast.inc.php b/html/pages/device/apps/shoutcast.inc.php
index 75f37d99e8..853c0be2e9 100644
--- a/html/pages/device/apps/shoutcast.inc.php
+++ b/html/pages/device/apps/shoutcast.inc.php
@@ -31,7 +31,7 @@ if (isset($total) && $total === true) {
     }
 }
 
-$files = glob(rrd_name($device['hostname'], array('app', 'shoutcast', $app['app_id'], '*')));
+$files = glob(rrd_name($device['hostname'], array('app', 'shoutcast', $app['app_id']), '*.rrd'));
 foreach ($files as $file) {
     $pieces = explode('-', basename($file, '.rrd'));
     $hostname = end($pieces);